Thank you for your response.
I have run ComboFix and attached its log below.
====================================================
ComboFix 10-03-09.04 - Brian 09/03/2010 20:53:32.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2756 [GMT 0:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Brian\LOCALS~1\temp\hcda.tmp
c:\documents and settings\Brian\Application Data\.#
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\vistaCPtasks.xml
c:\program files\temp
c:\program files\temp\Amazing Windows XP.exe
c:\program files\temp\Holiday Snowflakes.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-7608389861-4229364978-742926350-5186
c:\recycler\S-1-5-21-804958079-876268488-945908249-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
-------\Legacy_npf
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-08 17:42 . 2010-03-08 17:42 -------- d-----w- c:\program files\Trend Micro
2010-03-08 17:29 . 2010-03-08 17:29 -------- d-----w- c:\program files\Common Files\Java
2010-03-08 13:46 . 2010-03-08 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-08 13:45 . 2010-03-08 13:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-08 13:45 . 2010-03-08 13:45 -------- d-----w- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2010-03-08 12:11 . 2010-03-08 12:11 -------- d-----w- c:\program files\CCleaner
2010-03-08 11:02 . 2010-03-08 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-08 11:02 . 2010-03-08 11:02 -------- d-----w- c:\documents and settings\Brian\Application Data\OnlineArmor
2010-03-08 11:01 . 2009-12-05 07:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-03-08 11:01 . 2009-12-05 07:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-03-08 11:01 . 2009-12-05 07:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-03-08 11:01 . 2010-03-08 11:01 -------- d-----w- c:\program files\Tall Emu
2010-03-08 09:28 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-06 17:03 . 2010-03-06 17:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-06 11:30 . 2010-03-06 11:31 -------- d-----w- c:\documents and settings\Brian\Application Data\QuickScan
2010-03-06 09:59 . 2010-03-06 09:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-03-06 09:57 . 2010-03-06 09:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-06 09:57 . 2010-03-06 09:58 -------- d-----w- c:\documents and settings\All Users\HF_PCA_1.00.00.0002
2010-03-06 09:57 . 2010-03-06 09:57 -------- d-----w- c:\program files\TVUPlayer
2010-03-04 18:06 . 2010-03-04 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-04 18:06 . 2010-03-04 18:06 -------- d-----w- c:\program files\Lavasoft
2010-03-02 21:40 . 2010-03-06 09:54 -------- d-----w- c:\documents and settings\Brian\Local Settings\Application Data\Analog Clock
2010-03-02 08:58 . 2010-03-06 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-02-22 08:25 . 2010-03-06 09:55 -------- d-----w- c:\program files\SimpleTaskTimer
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 20:45 . 2009-01-30 22:41 -------- d-----w- c:\documents and settings\Brian\Application Data\HPAppData
2010-03-09 13:02 . 2008-04-16 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-08 17:29 . 2009-10-03 01:12 -------- d-----w- c:\program files\Java
2010-03-08 13:44 . 2008-03-27 23:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-08 09:36 . 2008-09-16 20:44 -------- d-----w- c:\program files\Panda Security
2010-03-06 17:09 . 2007-11-01 11:47 200256 ----a-w- c:\documents and settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 11:34 . 2010-03-06 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 10:05 . 2007-10-31 01:49 -------- d-----w- c:\program files\Google
2010-03-06 09:58 . 2010-03-05 10:50 -------- d-----w- c:\program files\Spyware Doctor
2010-03-06 09:57 . 2010-01-16 22:35 -------- d-----w- c:\program files\FLV Player
2010-03-06 09:56 . 2010-01-28 15:56 -------- d-----w- c:\program files\SlickRun
2010-03-06 09:56 . 2010-01-28 15:56 -------- d-----w- c:\documents and settings\Brian\Application Data\SlickRun
2010-03-06 09:56 . 2009-10-14 15:55 -------- d-----w- c:\program files\CDBurnerXP
2010-03-06 09:54 . 2009-09-23 22:52 -------- d-----w- c:\program files\Opera
2010-03-06 09:54 . 2010-03-04 18:06 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-06 09:54 . 2010-03-05 10:41 -------- d-----w- c:\program files\Exterminate It!
2010-03-06 09:54 . 2010-03-05 10:50 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-06 09:53 . 2010-03-05 11:55 -------- d-----w- c:\program files\Backdoor Bifrose Removal Tool
2010-03-06 09:52 . 2010-03-05 14:31 -------- d-----w- c:\program files\Windows Defender
2010-03-06 09:12 . 2008-03-27 23:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-01 08:52 . 2008-10-01 21:38 -------- d-----w- c:\documents and settings\Brian\Application Data\vlc
2010-02-02 14:56 . 2007-10-31 02:44 -------- d-----w- c:\documents and settings\Brian\Application Data\Serif
2010-02-02 14:55 . 2007-10-30 23:45 -------- d-----w- c:\program files\Serif
2010-02-02 01:29 . 2008-11-24 12:54 -------- d-----w- c:\documents and settings\Brian\Application Data\Skype
2010-02-01 17:24 . 2008-11-24 12:58 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM
2010-01-23 21:15 . 2008-07-21 14:38 -------- d-----w- c:\program files\Aplus DVD Copy
2010-01-07 16:07 . 2009-10-22 08:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-10-22 08:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 17:56 . 2009-12-23 17:56 31728 ----a-w- c:\windows\dbrmdwb.exe
2009-12-23 17:56 . 2009-12-23 17:56 26 ----a-w- c:\windows\dbrmdwb.bat
2009-12-23 17:56 . 2009-12-23 17:56 241744 ----a-w- c:\windows\system32\DNLEng.dll
2009-12-23 17:56 . 2009-12-23 17:56 143360 ----a-w- c:\windows\picn1120.dll
2009-12-23 17:56 . 2009-12-23 17:56 143360 ----a-w- c:\windows\picn1020.dll
2009-12-23 17:56 . 2009-12-23 17:56 1025688 ----a-w- c:\windows\dbplugin.exe
2009-12-23 17:56 . 2009-12-23 17:56 2445312 ----a-w- c:\windows\npdbplug.dll
2009-12-17 17:14 . 2009-10-03 01:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 23:53 . 2007-11-04 01:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-12 23:53 . 2007-11-04 01:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-12 23:53 . 2007-11-04 01:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-12 23:53 . 2007-11-04 01:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-12 23:53 . 2007-11-04 01:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\documents and settings\Brian\My Documents\Downloads\taskbar_shuffle_2.2\taskbarshuffle.exe" [2007-11-01 827392]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"Chameleon System Monitor"="c:\program files\Common Files\Chameleon Manager\monitor.exe" [2009-10-18 1590784]
"Google Update"="c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16855552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"FuzLez WheelsOfVolume"="c:\program files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe" [2005-11-24 487424]
"GIZMO2"="c:\program files\GIZMO2\GIZMO.exe" [2008-05-21 2217224]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2008 11:58 AM 685816]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [08/03/2010 11:01 AM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [08/03/2010 11:01 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [08/03/2010 11:01 AM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [06/01/2008 11:58 AM 85760]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [08/03/2010 11:01 AM 1282248]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/10/2007 10:06 PM 472096]
S1 8d2febeb;8d2febeb;c:\windows\system32\drivers\8d2febeb.sys --> c:\windows\system32\drivers\8d2febeb.sys [?]
S2 gupdate1c9296e95d8854a;Google Update Service (gupdate1c9296e95d8854a);c:\program files\Google\Update\GoogleUpdate.exe [08/10/2008 5:52 PM 133104]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [05/09/2007 4:10 PM 32384]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [08/03/2010 11:01 AM 3291336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 11:35]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-08 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-08 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2865573587-1871110255-1844121720-1005Core.job
- c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:41]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2865573587-1871110255-1844121720-1005UA.job
- c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:41]
2010-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
2010-03-09 c:\windows\Tasks\User_Feed_Synchronization-{381ECA43-508D-423B-B297-40B884C65A1F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/calendar/render?pli=1
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp07.photoprintit.de/microsite/12855//defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\uczybqw1.default\
FF - prefs.js: browser.startup.homepage - www.onetouchireland.com
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Brian\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdbplug.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Picasa2\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-09 21:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\SoftwareDistribution
c:\windows\system32\wuapi.dll.mui 15064 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.179828.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 15072 bytes executable
c:\windows\system32\wups2.dll 44768 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.181484.bak 162304 bytes executable
scan completed successfully
hidden files: 6
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACDC1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba67dcb8
\Driver\atapi -> 0x8acdc1e8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3660)
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2010-03-09 21:09:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 21:09
Pre-Run: 362,417,909,760 bytes free
Post-Run: 362,379,616,256 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BFFC6B7287FF6A0C47F39EF9E3DE44FB